这篇文章给大家分享的是有关.net core webapi jwt认证的示例分析的内容。小编觉得挺实用的,因此分享给大家做个参考,一起跟随小编过来看看吧。
在五通桥等地区,都构建了全面的区域性战略布局,加强发展的系统性、市场前瞻性、产品创新能力,以专注、极致的服务理念,为客户提供
成都做网站、成都网站设计 网站设计制作按需网站设计,公司网站建设,企业网站建设,
品牌网站建设,
成都营销网站建设,外贸营销网站建设,五通桥网站建设费用合理。
jwt认证分为两部分,第一部分是加密解密,第二部分是灵活的应用于中间件,我的处理方式是将获取token放到api的一个具体的controller中,将发放token与验证分离,token的失效时间,发证者,使用者等信息存放到config中。
1.配置:
在appsettings.json中增加配置
"Jwt": {
"Issuer": "issuer",//随意定义
"Audience": "Audience",//随意定义
"SecretKey": "abc",//随意定义
"Lifetime": 20, //单位分钟
"ValidateLifetime": true,//验证过期时间
"HeadField": "useless", //头字段
"Prefix": "prefix", //前缀
"IgnoreUrls": [ "/Auth/GetToken" ]//忽略验证的url
}2:定义配置类:
internal class JwtConfig
{
public string Issuer { get; set; }
public string Audience { get; set; }
///
/// 加密key
///
public string SecretKey { get; set; }
///
/// 生命周期
///
public int Lifetime { get; set; }
///
/// 是否验证生命周期
///
public bool ValidateLifetime { get; set; }
///
/// 验证头字段
///
public string HeadField { get; set; }
///
/// jwt验证前缀
///
public string Prefix { get; set; }
///
/// 忽略验证的url
///
public List IgnoreUrls { get; set; }
}3.加密解密接口:
public interface IJwt
{
string GetToken(Dictionary Clims);
bool ValidateToken(string Token,out Dictionary Clims);
}4.加密解密的实现类:
install -package System.IdentityModel.Tokens.Jwt
public class Jwt : IJwt
{
private IConfiguration _configuration;
private string _base64Secret;
private JwtConfig _jwtConfig = new JwtConfig();
public Jwt(IConfiguration configration)
{
this._configuration = configration;
configration.GetSection("Jwt").Bind(_jwtConfig);
GetSecret();
}
///
/// 获取到加密串
///
private void GetSecret()
{
var encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes("salt");
byte[] messageBytes = encoding.GetBytes(this._jwtConfig.SecretKey);
using (var hmacsha256 = new HMACSHA256(keyByte))
{
byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
this._base64Secret= Convert.ToBase64String(hashmessage);
}
}
///
/// 生成Token
///
///
///
public string GetToken(Dictionary Claims)
{
List claimsAll = new List();
foreach (var item in Claims)
{
claimsAll.Add(new Claim(item.Key, item.Value));
}
var symmetricKey = Convert.FromBase64String(this._base64Secret);
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
Issuer = _jwtConfig.Issuer,
Audience = _jwtConfig.Audience,
Subject = new ClaimsIdentity(claimsAll),
NotBefore = DateTime.Now,
Expires = DateTime.Now.AddMinutes(this._jwtConfig.Lifetime),
SigningCredentials =new SigningCredentials(new SymmetricSecurityKey(symmetricKey),
SecurityAlgorithms.HmacSha256Signature)
};
var securityToken = tokenHandler.CreateToken(tokenDescriptor);
return tokenHandler.WriteToken(securityToken);
}
public bool ValidateToken(string Token, out Dictionary Clims)
{
Clims = new Dictionary();
ClaimsPrincipal principal = null;
if (string.IsNullOrWhiteSpace(Token))
{
return false;
}
var handler = new JwtSecurityTokenHandler();
try
{
var jwt = handler.ReadJwtToken(Token);
if (jwt == null)
{
return false;
}
var secretBytes = Convert.FromBase64String(this._base64Secret);
var validationParameters = new TokenValidationParameters
{
RequireExpirationTime = true,
IssuerSigningKey = new SymmetricSecurityKey(secretBytes),
ClockSkew = TimeSpan.Zero,
ValidateIssuer = true,//是否验证Issuer
ValidateAudience = true,//是否验证Audience
ValidateLifetime = this._jwtConfig.ValidateLifetime,//是否验证失效时间
ValidateIssuerSigningKey = true,//是否验证SecurityKey
ValidAudience = this._jwtConfig.Audience,
ValidIssuer = this._jwtConfig.Issuer
};
SecurityToken securityToken;
principal = handler.ValidateToken(Token, validationParameters, out securityToken);
foreach (var item in principal.Claims)
{
Clims.Add(item.Type, item.Value);
}
return true;
}
catch (Exception ex)
{
return false;
}
}
}5.定义获取Token的Controller:
在Startup.ConfigureServices中注入 IJwt
services.AddTransient(); // Jwt注入
[Route("[controller]/[action]")]
[ApiController]
public class AuthController : ControllerBase
{
private IJwt _jwt;
public AuthController(IJwt jwt)
{
this._jwt = jwt;
}
///
/// getToken
///
///
[HttpPost]
public IActionResult GetToken()
{
if (true)
{
Dictionary clims = new Dictionary();
clims.Add("userName", userName);
return new JsonResult(this._jwt.GetToken(clims));
}
}
}
6.创建中间件:
public class UseJwtMiddleware
{
private readonly RequestDelegate _next;
private JwtConfig _jwtConfig =new JwtConfig();
private IJwt _jwt;
public UseJwtMiddleware(RequestDelegate next, IConfiguration configration,IJwt jwt)
{
_next = next;
this._jwt = jwt;
configration.GetSection("Jwt").Bind(_jwtConfig);
}
public Task InvokeAsync(HttpContext context)
{
if (_jwtConfig.IgnoreUrls.Contains(context.Request.Path))
{
return this._next(context);
}
else
{
if (context.Request.Headers.TryGetValue(this._jwtConfig.HeadField, out Microsoft.Extensions.Primitives.StringValues authValue))
{
var authstr = authValue.ToString();
if (this._jwtConfig.Prefix.Length > 0)
{
authstr = authValue.ToString().Substring(this._jwtConfig.Prefix.Length+1, authValue.ToString().Length -(this._jwtConfig.Prefix.Length+1));
}
if (this._jwt.ValidateToken(authstr, out Dictionary Clims))
{
foreach (var item in Clims)
{
context.Items.Add(item.Key, item.Value);
}
return this._next(context);
}
else
{
context.Response.StatusCode = 401;
context.Response.ContentType = "application/json";
return context.Response.WriteAsync("{\"status\":401,\"statusMsg\":\"auth vaild fail\"}");
}
}
else
{
context.Response.StatusCode = 401;
context.Response.ContentType = "application/json";
return context.Response.WriteAsync("{\"status\":401,\"statusMsg\":\"auth vaild fail\"}");
}
}
}
}7.中间件暴露出去
public static class UseUseJwtMiddlewareExtensions
{
///
/// 权限检查
///
///
///
public static IApplicationBuilder UseJwt(this IApplicationBuilder builder)
{
return builder.UseMiddleware();
}
}8.在Startup.Configure中使用中间件:
app.UseJwt();
以1的配置为例:
除了请求 /auth/getToken 不需要加头信息外,其他的请求一律要求头信息中必须带着
userless:prefix (从Auth/GetToken中获取到的token)
感谢各位的阅读!关于“.net core webapi jwt认证的示例分析”这篇文章就分享到这里了,希望以上内容可以对大家有一定的帮助,让大家可以学到更多知识,如果觉得文章不错,可以把它分享出去让更多的人看到吧!
本文名称:.netcorewebapijwt认证的示例分析-创新互联
本文来源:
http://cdkjz.cn/article/dhoesi.html
